@gunta
Last active February 6, 2024 14:12

Title

New SecretOps Provider – Evaluate Doppler Over Current ESC Solution

Context

I am considering a change in our SecretOps provider to enhance our development experience and efficiency.

This comparison evaluates four potential solutions – Infisical, Pulumi ESC, HashiCorp Vault, and Doppler – based on factors such as pricing, integration capabilities, user experience, and our specific organizational needs.

Cloud-provider solutions such as AWS Secrets Manager, GCP Secret Manager and Azure Key Vault are left out of scope, since they are cloud dependent and the DX is bad, as detailed here.

Detailed Comparison

HashiCorp Vault

  • Pricing: High cost; $1.58/hour, leading to over $1000/month. Free quota of only 25 secrets.
  • User Experience: Pricing model is not transparent.
  • Conclusion: Not considered due to high cost and limited free offerings.

Pulumi ESC

  • Pricing: Free (current status).
  • Integration: Good with the Pulumi ecosystem.
  • User Experience: Early-stage solution with few integrations, so not the best developer experience (DX) yet; lacks GitHub Secrets sync.
  • Issues: Deprecated GitHub Actions, manual secret export, out-of-sync local ENV files.
  • Conclusion: Has potential, but immature at its current stage.

Infisical

  • Pricing: Free for up to 5 developers; $6/month per additional developer on the lowest tier.
  • User Experience: Good overall; self-hosting option available, Open Source.
  • Issues: Slow Dashboard UI, no Code Editor plugin, GitHub Application installation is restricted to the whole Organization (big issue).
  • Conclusion: Good option, but with some major drawbacks.

Doppler

  • Pricing: Free for 3 developers; $7/month for additional users.
  • User Experience: Excellent; intuitive and efficient.
  • Features: Environment management, local .env file elimination, fast UI, VSCode Plugin, correct GitHub Secrets sync, correct GitHub App permissions to install in each repository. In particular, the VSCode Plugin can edit the secrets locally and automatically upload and sync them to the cloud: amazing DX, with no need to even open the dashboard UI.
  • Issues: Not open source; higher-tier pricing concerns.
  • Conclusion: Best DX; recommended for trial.

Decision

Based on the comparison, Doppler is recommended for trial due to its superior developer experience and comprehensive feature set. However, the cost implications and potential improvements in other Open Source services like Infisical or ESC should be monitored, with the decision reconsidered in around 2 years.

Status

Proposed

Consequences

Summary Table

| Feature/Service | HashiCorp Vault | ESC (Pulumi) | Infisical | Doppler |
|---|---|---|---|---|
| Pricing | High | Free (for now) | Affordable | Moderate |
| Developer Experience | - | Not there yet | Good | Excellent |
| GitHub Sync | - | No | No | Yes |
| Open Source | Yes | Yes | Yes | No |

Advantages of using Doppler

  • The best DX currently in the market
  • No more local .env files, so fewer problems and differences to debug
  • More security by not having .env files anymore
  • No more secrets being out of sync
  • Until now we had to run bun secrets:update, but it's easy to forget and hard to get everyone in the same boat
  • Secrets can be edited right in the editor, as if they were local, by using the IDE Plugin

Disadvantages of using Doppler

  • Pricing is $7/month after the first 3 developers, but the gains in productivity might be worth it
  • Not Open Source
